Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for blocking user access to an external resource, comprising:
    monitoring, at a filter associated with a host in a protected network, a first request from and a corresponding response to the host to learn and store an association between a first identifier associated with an external resource under a first communication protocol and a second identifier associated with the external resource under a second communication protocol, wherein the first request is to a server external to the protected network;
    dynamically creating or updating a cache using the stored first and second identifiers in the filter;
    receiving, at the filter, a second request, sent under the second communication protocol, to access the external resource, wherein the external resource is identified in the second request by the second identifier;
    using the stored first and second identifiers in the cache to determine that the second request is associated with the first identifier; and
    using the first identifier to determine whether access to the external resource in response to the second request is prohibited by checking the first identifier against a blocking list including a list of blocked external resources;
    wherein the first identifier comprises an identifier entered by a user;
    wherein the external resource includes content requested by the user; and
    wherein monitoring a first request from and a corresponding response to a host includes: receiving the first request; determining the first identifier from the first request; storing the first identifier; receiving the corresponding response; associating, at the filter, the corresponding response with the first request; determining the second identifier and an associated time to live (TTL) value from the corresponding response; and storing the second identifier and associated time to live value in a manner that associates the second identifier and associated time to live value with the first identifier;
    wherein the second identifier is stored in a manner that associates the second identifier with the first identifier for a length of time defined by the time to live value associated with the second identifier.
2. The method as recited in claim 1, wherein using the first identifier to determine whether access to the external resource is prohibited comprises checking whether the first identifier appears in a block list.
3. The method as recited in claim 2, further comprising blocking the second request if the first identifier appears in the block list.
4. The method as recited in claim 3, further comprising issuing an alert to the host if the second request is blocked.
5. The method as recited in claim 3, further comprising issuing an alert to an administrator if the second request is blocked.
6. The method as recited in claim 1, wherein monitoring a first request from and a corresponding response to a host includes: receiving the first request; determining the first identifier from the first request; storing the first identifier; receiving the corresponding response; associating the corresponding response with the first request; determining the second identifier from the corresponding response; and storing the second identifier in a manner that associates the second identifier with the first identifier.
7. The method as recited in claim 6, wherein receiving the first request includes: capturing a packet associated with the first request; and at least partially decoding the packet.
8. The method as recited in claim 1, wherein the first request comprises a Domain Name System (DNS) request.
9. The method as recited in claim 1, wherein the first request comprises a Domain Name System (DNS) request if a destination port associated with the first request is Port 53.
10. The method as recited in claim 1, wherein the corresponding response comprises a Domain Name System (DNS) response.
11. The method as recited in claim 1, wherein the corresponding response comprises a Domain Name System (DNS) response if a source port associated with the corresponding response is Port 53.
12. The method as recited in claim 1, wherein the first identifier comprises a domain name.
13. The method as recited in claim 1, wherein the first identifier comprises a Uniform Resource Identifier (URI).
14. The method as recited in claim 1, wherein the first communication protocol comprises a Hyper Text Transfer Protocol (HTTP).
15. The method as recited in claim 1, wherein the second identifier comprises an Internet Protocol (IP) address.
16. The method as recited in claim 1, wherein the second communication protocol comprises an Internet Protocol (IP).
17. The method as recited in claim 1, wherein the second communication protocol comprises a Transmission Control Protocol (TCP).
18. The method as recited in claim 1, wherein the second request comprises an HTTP GET request.
19. The method as recited in claim 1, wherein the second request comprises an HTTP GET request if a destination port of the second request is Port 80.
20. A system for blocking user access to an external resource, comprising:
    a processor configured to:
        monitor, at a filter associated with a host in a protected network, a first request from and a corresponding response to the host to learn and store an association between a first identifier associated with an external resource under a first communication protocol and a second identifier associated with the external resource under a second communication protocol, wherein the first request is to a server external to the protected network;
        dynamically create or update a cache using the stored first and second identifiers in the filter;
        receive, at the filter, a second request, sent under the second communication protocol, to access the external resource, wherein the external resource is identified in the second request by the second identifier;
        use the stored first and second identifiers in the cache to determine that the second request is associated with the first identifier; and
        use the first identifier to determine whether access to the external resource in response to the second request is prohibited by checking the first identifier against a blocking list including a list of blocked external resources; and
    a communication interface coupled to the processor and configured to receive the first request, the corresponding response, and the second request;
    wherein the first identifier comprises an identifier entered by a user;
    wherein the external resource includes content requested by the user; and
    wherein to monitor a first request from and a corresponding response to a host includes to: receive the first request; determine the first identifier from the first request; store the first identifier; receive the corresponding response; associate, at the filter, the corresponding response with the first request; determine the second identifier and an associated time to live (TTL) value from the corresponding response; and store the second identifier and associated time to live value in a manner that associates the second identifier and associated time to live value with the first identifier;
    wherein the second identifier is stored in a manner that associates the second identifier with the first identifier for a length of time defined by the time to live value associated with the second identifier.
21. The system as recited in claim 20, further comprising a memory coupled to the processor configured to store the first identifier and the second identifier.
22. The system as recited in claim 20, wherein the processor is associated with a firewall.
23. The system as recited in claim 20, wherein the processor is associated with the host.
24. The system as recited in claim 20, wherein to receive the first request includes to: capture a packet associated with the first request; and at least partially decode the packet.
25. The system as recited in claim 20, wherein the first identifier comprises a Uniform Resource Identifier (URI).
26. The system as recited in claim 20, wherein the first communication protocol comprises a Hyper Text Transfer Protocol (HTTP).
27. The system as recited in claim 20, wherein the second identifier comprises an Internet Protocol (IP) address.
28. The system as recited in claim 20, wherein the second communication protocol comprises a Transmission Control Protocol (TCP).
29. A non-transitory computer readable storage medium having embodied thereon computer instructions which when executed by a computer cause the computer to perform a method comprising:
    monitoring, at a filter associated with a host in a protected network, a first request from and a corresponding response to the host to learn and store an association between a first identifier associated with an external resource under a first communication protocol and a second identifier associated with the external resource under a second communication protocol, wherein the first request is to a server external to the protected network;
    dynamically creating or updating a cache using the stored first and second identifiers in the filter;
    receiving, at the filter, a second request, sent under the second communication protocol, to access the external resource, wherein the external resource is identified in the second request by the second identifier;
    using the stored first and second identifiers in the cache to determine that the second request is associated with the first identifier; and
    using the first identifier to determine whether access to the external resource in response to the second request is prohibited by checking the first identifier against a blocking list including a list of blocked external resources;
    wherein the first identifier comprises an identifier entered by a user;
    wherein the external resource includes content requested by the user; and
    wherein monitoring a first request from and a corresponding response to a host includes: receiving the first request; determining the first identifier from the first request; storing the first identifier; receiving the corresponding response; associating, at the filter, the corresponding response with the first request; determining the second identifier and an associated time to live (TTL) value from the corresponding response; and storing the second identifier and associated time to live value in a manner that associates the second identifier and associated time to live value with the first identifier;
    wherein the second identifier is stored in a manner that associates the second identifier with the first identifier for a length of time defined by the time to live value associated with the second identifier.
30. The non-transitory computer program product as recited in claim 29, wherein receiving the first request includes: capturing a packet associated with the first request; and at least partially decoding the packet.
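The flow the claims describe (learn a domain-to-IP association with its TTL from a DNS request/response pair, cache it, then map the destination IP of a later HTTP request back to the user-entered domain and check that domain against a block list), written out as an added Python example; this is not the patent's own code. The class name, the transaction-id matching of response to request, the injectable clock and the "unknown" verdict for IPs whose cache entry has expired are all assumptions made here for illustration.

```python
"""Added example: a minimal DNS-aware web filter modelled on the claims."""
import time
from dataclasses import dataclass


@dataclass
class CacheEntry:
    domain: str        # first identifier (user-entered domain name)
    expires_at: float  # absolute time after which the DNS TTL has elapsed


class DnsAwareFilter:
    """Learns domain->IP from DNS, then judges HTTP requests by the domain."""

    def __init__(self, block_list, clock=time.monotonic):
        # Normalise block-list entries the same way query names are normalised.
        self.block_list = {d.lower().rstrip(".") for d in block_list}
        self.clock = clock          # injectable clock so TTL expiry is testable
        self.pending = {}           # DNS txid -> queried domain (response not yet seen)
        self.cache = {}             # IP address (second identifier) -> CacheEntry

    def on_dns_query(self, txid, qname):
        """First request (dst port 53): store the first identifier, keyed by txid."""
        self.pending[txid] = qname.lower().rstrip(".")

    def on_dns_response(self, txid, answers):
        """Corresponding response (src port 53): associate it with the query by txid
        and cache each (ip, ttl_seconds) answer for the TTL the resolver returned."""
        qname = self.pending.pop(txid, None)
        if qname is None:
            return False            # response with no matching request: learn nothing
        now = self.clock()
        for ip, ttl in answers:
            self.cache[ip] = CacheEntry(qname, now + ttl)
        return True

    def lookup(self, ip):
        """Return the domain associated with ip, or None if unknown or expired."""
        entry = self.cache.get(ip)
        if entry is None:
            return None
        if self.clock() >= entry.expires_at:
            del self.cache[ip]      # association is only valid for the TTL
            return None
        return entry.domain

    def on_http_request(self, dst_ip, dst_port=80):
        """Second request: decide 'block', 'allow' or 'unknown' (no cached domain)."""
        if dst_port != 80:
            return "allow"          # only HTTP requests are judged here
        domain = self.lookup(dst_ip)
        if domain is None:
            return "unknown"
        return "block" if domain in self.block_list else "allow"
```

An "unknown" verdict is the failure mode a deployment has to decide on: a host that resolved the name before the filter started watching, or whose cache entry aged out, presents an IP the filter cannot map back to a domain.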
September 7, 2010